What is encryption?

 

The Greek 'kryptos logos' means hidden word and is the root of the word cryptology, the science of defeating the mechanisms by which communication of some sort is made secure through encryption. Commonly, though, cryptology refers to the science of the mechanisms and methods by which sensitive communication is made secure through encryption. This is not a new science; it has been with us since antiquity.

 

Encryption means transforming data into a form that is very hard to read. Note the term 'very hard' as opposed to 'impossible'. No encryption is impossible to break. The encrypted data is referred to as 'cyphertext'. The data is usually of a sensitive nature, and encryption ensures privacy by keeping the data secret and readable only by the parties to the communication. The process of transforming the cyphertext back into data is called decryption.

 

Protecting privacy has been the goal of encryption throughout history. But doing business online also requires authentication capabilities. It is not enough to ensure that sensitive information is not divulged to the adversary; we must also make sure that we know who the sender is and, more to the point, that the sender will not deny having sent the message. We do this all the time in our everyday life. For example, any credit card transaction will involve some kind of authentication in the form of a personal signature. Having signed the piece of paper, we cannot at a later stage deny the transaction.

 

I suppose we can think of encryption in terms of its different elements:

 

 

 

The encryption algorithm is the mathematical procedure or function that is used for encryption and decryption.

 

Encryption and decryption usually require some kind of secret information that only the sender and the receiver know. The secret information is used first to encrypt the data into cyphertext. The receiver, having received the cyphertext, uses the secret information to recover the data. This secret piece of information is called the key, and since both the sender and the receiver use the same key to encrypt and decrypt, this is called symmetric encryption.

 

As you have probably gathered by now, one big problem is the exchange of the key. Both the sender and the receiver need to agree on a key in advance of the transmission. Security and privacy are a major issue for the key exchange. Clearly, in the case of electronic business (especially when a consumer is purchasing online), exchanging a key in advance of the transaction is not feasible. One big breakthrough of the last century has been the invention of encryption algorithms that allow encrypted communication without key exchange in advance of transmission. This is the advent of asymmetric encryption and the emergence of Public Key Infrastructure (PKI). Strictly speaking, with PKI key exchange does take place, but the exchange is hidden from the users.

 

There are encryption algorithms that are kept secret. This type of algorithm is called a restricted algorithm, and it relies for its strength on the secrecy of the algorithm. The strength of modern encryption, however, is in the length of the key. For strong encryption the algorithm, the program code, and the theoretical foundations are usually well publicised. The procedure for the exchange of keys is also known to all.

 

Generally speaking, the longer the key, the stronger the encryption. Any encryption is susceptible to being broken given computational power and time. It all comes down to the useful life of the data and information. For example, if the information is a prediction of London stock exchange volatility for tomorrow, this information would lose its value come tomorrow. In contrast, historical personal medical records are likely to have a much longer life. Considering that, given time, any encryption could be broken, one needs to employ stronger encryption for the medical records. This of course is for the sake of argument, and it so happens that regardless of the type of information, relatively strong encryption is used due to cost effectiveness.

 

Can you think of a simple algorithm and a key for encryption of a piece of text?
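
One possible answer, as an added example that is not part of the original page: a keyword shift cipher, which is a Caesar cipher when the key is one letter and a Vigenère cipher when it is longer. It goes slightly beyond the question by also counting the possible keys and trying them all, to show why key length matters; the function names and the sample message are constructed for illustration.

```python
import string
from itertools import product

LETTERS = string.ascii_uppercase  # the algorithm works on A-Z; other characters pass through

def _shift(text, key, direction):
    """Shift each letter by the matching key letter (A=0 ... Z=25), repeating the key."""
    if not key or any(c not in LETTERS for c in key):
        raise ValueError("key must be one or more letters A-Z")
    out, i = [], 0
    for ch in text:
        if ch in string.ascii_letters:
            base = ord("A") if ch.isupper() else ord("a")
            k = LETTERS.index(key[i % len(key)]) * direction
            out.append(chr((ord(ch) - base + k) % 26 + base))
            i += 1  # only letters consume a key position
        else:
            out.append(ch)
    return "".join(out)

def encrypt(plaintext, key):
    """Symmetric encryption: the same key is used by sender and receiver."""
    return _shift(plaintext, key, +1)

def decrypt(cyphertext, key):
    return _shift(cyphertext, key, -1)

def keyspace(key_length):
    """Number of possible keys of a given length that would have to be tried."""
    return 26 ** key_length

def exhaustive_search(cyphertext, key_length, known_word):
    """Try every key of this length; keep keys whose output contains known_word."""
    hits = []
    for letters in product(LETTERS, repeat=key_length):
        key = "".join(letters)
        if known_word in decrypt(cyphertext, key):
            hits.append(key)
    return hits

if __name__ == "__main__":
    message = "Meet me at the station at noon"  # constructed sample text
    for key in ("D", "LEMON"):
        ct = encrypt(message, key)
        assert decrypt(ct, key) == message
        print(f"key={key!r:8} keyspace={keyspace(len(key)):>10,} cyphertext={ct}")
    # A one-letter key falls to 26 guesses; a five-letter key needs about 11.9 million.
    print(exhaustive_search(encrypt(message, "D"), 1, "station"))
```

The algorithm here is public and only the key is secret, yet a one-letter key offers almost no protection because every key can be tried in an instant.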